positive666/Deep_search_lightning
high
A lightweight, pure web search solution for large language models, supporting multi-engine aggregated search, deep reflection and result evaluation. A balanced approach between web search and deep research, providing a framework-free implementation and mcp server for easy developer integration.
MCP server (purpose undetermined)

@mcp.tool()
def bocha_search(
    query: str, count: int, api_key: str, filter_list: Optional[list[str]] = None
) -> list:

Exploitable if MCP is exposed to untrusted prompts (network_exposed) or if LLM is compromised.
The bocha_search tool accepts an api_key parameter directly from the LLM prompt. This means the API key is exposed to the LLM and could be leaked through prompt injection or logged.
Impact: An attacker exploiting prompt injection could extract the API key from the conversation or cause it to be sent to an external server.
Fix: Remove the api_key parameter from the tool and read it from environment variables instead, as done for other API keys.

@mcp.tool()
async def web_search_tools(
    context: str, query: str,
    search_engines = ['baidu', 'duckduckgo', 'bocha',"tavily"],
) -> Dict[str, Any]:
    ...
    engine_config = {
        'baidu': SearchEngineConfig('baidu', ...),
        'duckduckgo': SearchEngineConfig('duckduckgo', ...),
        'bocha': SearchEngineConfig('bocha', ...),
        'tavily': SearchEngineConfig('tavily', ...),
    }

Applicable when MCP is exposed to untrusted prompts.
The search_engines parameter allows the LLM to specify which search engines to use. While the default list is predefined, the tool does not validate that the provided engines are within the allowed set. This could allow an attacker to specify arbitrary engine names that might be misinterpreted or cause errors.
Impact: An attacker could potentially cause the tool to attempt to use non-existent engines, leading to errors or unexpected behavior. However, the impact is limited as the engine_config only contains the four defined engines.
Fix: Validate that each engine in search_engines is one of the supported engines (baidu, duckduckgo, bocha, tavily).

async def search_tavily(query: str, max_results: int = 5, chunks_per_source: int = 3) -> dict:
    """Performs a Tavily web search and returns specified number of results."""
    if not TAVILY_API_KEY:
        return {"error": "Tavily API key is missing. Set it in your .env file."}
    if not TAVILY_SEARCH_URL:
        return {"error": "Tavily search URL is missing."}

    payload = {
        "query": query,
        ...
    }

Applicable when MCP is exposed to untrusted prompts.
The query parameter is passed directly to the Tavily search API without any validation or sanitization. While this is a search tool, the lack of input validation could allow injection of special characters or excessive queries.
Impact: An attacker could craft queries that cause unexpected behavior in the search API, potentially leading to information disclosure or abuse of the API key.
Fix: Add input validation to ensure query is a reasonable string (e.g., length limits, character restrictions).